C2S2

News

Cybersecurity startup Censys, co-founded by Prof. J. Alex Halderman, PhD candidate David Adrian, and alum Zakir Durumeric, announced that it has raised a $2.6 million seed round led by GV and Greylock. The funding will be used as Censys, which just launched as a commercial company last year, seeks to collect more data and develop additional paid services.[Full Story]

This story highlights how tools such as Censored Planet, developed by Research Prof. Roya Ensafi, have shed light on state-sponsored censorship activities such as the measures that were put in place recently in Saudi Arabia.[Full Story]

An already tight governors race in Georgia devolved into new chaos Monday after the Republican candidate, who is also the states chief election official, alleged with little evidence that Democrats sought to hack a voter database that will be used in Tuesdays elections. CSE PhD student Matthew Bernhard told the AP that anyone with access to an individual voters personal information could alter that voters record in the system.[Full Story]

Prof. J. Alex Halderman has been at the forefront of exposing vulnerabilities in electronic voting systems around the world. This Fall, Prof. Halderman and CSE PhD student Matt Bernhard are teaching a new special topics course on election cybersecurity, providing students with a deep examination of the past, present, and future of US elections with perspectives from computer security, tech policy, human factors, and more.[Full Story]

As a national expert on election system security, Prof. J. Alex Halderman has never shied away from explaining how Americas election systems can and have been hacked. The University of Michigan computer science professor stops short of saying vote counts have been changed, but notes Russians tapped into voter registration lists in some states in 2016, and that he and fellow election-hack experts have demonstrated how state election systems can be infiltrated.[Full Story]

This in-depth investigation into the US election system reveals frightening vulnerabilities at almost every level. It quotes Prof. J. Alex Halderman and CSE PhD student Matt Bernhard regarding some of vulnerabilities that exist.[Full Story]

Prof. J. Alex Halderman is on a crusade to demonstrate how vulnerable American voting machines are, and some of his arguments are quite compelling. He has rigged mock elections. He has testified to the machines vulnerabilities in Congress and in court. He has even managed to turn a commonly used voting machine into an iteration of the classic arcade game Pac-Man.[Full Story]

Prof. Atul Prakash, CSE PhD student Kevin Eykholt, and CSE alumni Amir Rahmati and Earlence Fernandes have proposed Tyche, a safer app permissions system for smart homes and the Internet of Things. Their paper on this project, Tyche: A Risk-Based Permission Model for Smart Homes, received a Best Paper Award at the IEEE Cybersecurity Development Conference.[Full Story]

Prof. Daniel Genkin and collaborators have investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens." All that is needed is audio picked up by webcam microphones.[Full Story]

Prof. Daniel Genkin and a team of researchers discovered how hackers can spy on remote computers. LCD displays emit high-frequency sounds that can be recorded by a microphone, including from webcam, smartphone or smart speaker up to 30 ft away. These recordings are then fed into a machine learning algorithm and analyzed to generate an estimation of what's onscreen.[Full Story]

A newly discovered processor vulnerability could potentially put secure information at risk in any Intel-based PC manufactured since 2008. It could affect users who rely on a digital lockbox feature known as Intel Software Guard Extensions, or SGX, as well as those who utilize common cloud-based services. CSE researchers contributed to the discovery of the security hole, called Foreshadow.[Full Story]

West Virginia is experimenting with voting via a blockchain network using smartphones. Prof. J. Alex Halderman cautions that such an approach is not yet truly viable, and that mobile voting using blockchain doesn't address core security problems that are unique to mobile voting.[Full Story]

Cisco today announced its intention to buy Ann Arbor, MI-based security firm, Duo Security. Under the terms of the agreement, Cisco is paying $2.35 billion in cash and assumed equity awards for Duo. Duo Security was founded in 2010 by Dug Song (BS CS ) and Jonathan Oberheide (BS, MS, PhD CSE , , ) and went on to raise $121.M through several rounds of funding. The company has 700 employees with offices throughout the United States and in London, though the company has remained headquartered in Ann Arbor.[Full Story]

This article at WisconsinWatch.org reports in detail on potential vulnerabilities in Wisconsin's voting system, including risks from Russian hacking. It reviews the response of Wisconsin politicians to this prospect as well as the viewpoints of computer scientists. Prof. J. Alex Halderman, an expert in computer, network, and election security, is highlighted in the story.[Full Story]

13 states are still using some electronic voting systems without paper backup. Five states rely upon them exclusively. According to Prof. J. Alex Halderman, "If a sophisticated nation state wants to cause chaos on Election Day, theyre probably already in our systems."[Full Story]

Every day, undocumented immigrants in the U.S. face discrimination, surveillance, deportation, and other dangers. When it comes to their smartphones, immigrants struggle to apply instinctive caution, according to a study by a team of University of Michigan researchers that included CSE PhD student Allison McDonald.[Full Story]

In the article in The Conversation, PhD candidate Qi Alfred Chen and Prof. Z. Morley Mao describe how vulnerabilities in intelligent infrastructure, such as the Intelligent Traffic Signal System being tested by the US Department of Transportation, can create opportunities for hackers to create chaos.[Full Story]

Chris Peikert, with a team of eleven other researchers, has submitted a cryptographic scheme as a proposed standard to the NIST Post-Quantum Cryptography project. Called FrodoKEM, this family of encryption algorithms is designed to be a conservative and practical implementation of one of the most-studied approaches in the post-quantum cryptography field.[Full Story]

This article reviews areas of vulnerability in the US voting system and how these weaknesses can be addressed. Prof. J. Alex Halderman, an expert in computer, network, and election security, is highlighted in the story.[Full Story]

There were more than 1,300 reported cases of ransomware attacks in Michigan in 2017, according to FBI statistics. New legislation signed by the governor closes a loophole that hindered the pursuit of suspected cybercriminals. Professor Kang Shin weighs in on the usefulness of these laws and headaches that may arise.[Full Story]

This article describes steps being taken in Illinois, the lone state known to have its state election system breached in a hacking effort, regarding its election systems. It quotes Prof. J. Alex Halderman, who points out that many of the same weaknesses present in 2016 remain.[Full Story]

This article describes new measures to bolster security for Michigans 2018 midterm elections. Prof. J. Alex Halderman points out that additional progress can occur in the stat's process for auditing of paper ballots.[Full Story]

The purported "sonic attacks" that sickened U.S. and Canadian government workers in Cuba last year could have been an accidental side effect of attempted eavesdropping, says Prof. Kevin Fu, who with his colleagues reverse-engineered the attacks in a lab.[Full Story]

This article on the security of cardiac implants quotes Prof. Kevin Fu, who notes that limiting remote interactions would also address scenarios such as an old computer virus that unintentionally shuts down global operations of remote cardiac telemetry for hundreds of thousands of patients at once.[Full Story]

This article describes the security holes that exist in today's electronic voting machines, including both the shortcomings of voting systems that do not provide paper backup and those of the systems that transmit electronic votes to counting centers. It quotes Prof. J. Alex Halderman, who points to flaws in the protections for vote transmission systems put forth by vendors of paperless systems.[Full Story]

Ann Arbor-based Censys has launched based on work done over the past 5 years in Prof. J. Alex Halderman's lab. Censys is the first commercially available internet-wide scanning tool. It helps IT experts working to secure large networks, which are composed of a constantly changing array of devices ranging from servers to smartphones and internet-of-things devices.[Full Story]

Prof. J. Alex Halderman is quoted on the the vulnerabilities that exist in voting machines, why paper backup is a practical solution, and the approaches that should be taken in auditing election results.[Full Story]

This article in EE Times quotes Prof. Todd Austin on his DARPA-funded MORPHEUS project, which will use computer circuits that are designed to randomly shuffle data around a computer system in order to thwart hackers who are looking for the location of a bug or valuable data.[Full Story]

This article quotes Prof. Todd Austin on his DARPA-funded MORPHEUS project, which will use computer circuits that are designed to randomly shuffle data around a computer system in order to thwart hackers who are looking for the location of a bug or valuable data.[Full Story]

By turning computer circuits into unsolvable puzzles, a University of Michigan team aims to create an unhackable computer with a new $3.6 million grant from the Defense Advanced Research Projects Agency. Todd Austin, a professor of computer science and engineering, leads the project, called MORPHEUS. [Full Story]

Isaac Porche (PhD EE:S 1998) is a senior engineer at the RAND Corporation, where he leads research to help Homeland Security and the government adopt proper cyber security tactics. In this interview, he shares the global state of cyber warfare, the threats to government computer systems, and how his time at Michigan led him to being on the frontlines of technological attacks.[Full Story]

Prof. Fu is an expert on the subject of creating trustworthy embedded computing systems that are resistant to attack. He has served in several national leadership roles to advise government on science, technology, and policy to improve computer security and privacy. He is a cofounder of healthcare cybersecurity startup VirtaLabs[Full Story]

Chris Peikert, the Patrick C. Fischer Development Professor in Theoretical Computer Science, and his co-author Alon Rosen have received the TCC Test of Time Award for their paper on efficient collision-resistant hashing on cyclic lattices. The award is a recognition of a long line of works by Prof. Peikert and others who laid the foundations for practically efficient lattice-based cryptography.[Full Story]

This story on security problems with voting quotes Prof. J. Alex Halderman, who says that "Although there is no evidence that any past election in the United States has been changed by hacking, it is in my opinion only a matter of time until one is."[Full Story]

This article reports on how difficult it is for hackers to invade North Korea's nuclear program. CSE research fellow Will Scott talks about the country's limited connections, and says that any successful attack would require a human agent working to manually sabotage target systems. [Full Story]

A team of researchers including Prof. Manos Kapritsos has won a Distinguished Paper Award at the 2017 USENIX Security Symposium for Vale, a new programming language and tool that supports flexible, automated verification of high-performance cryptographic assembly code.[Full Story]

This article describes an implementation of TapDance, a method of anticensorship deployment that is built into the very core of the internet itself. By building TapDance into the servers and routers that underpin the Internet, censorship would become impractical. TapDance's development has been led by Prof. J. Alex Halderman.[Full Story]

This article on voting system security quotes Prof. J. Alex Halderman, who says of the prospect of election tampering that "the technical ability is there and we wouldn't be able to catch it. The state of technical defense is very primitive in our election system now."[Full Story]

The Internet is more secure thanks to Let's Encrypt, the certificate authority founded by Prof. J. Alex Halderman and his collaborators. Since launching in Jan. 2016, Let's Encrypt has issued 100 million certificates.[Full Story]

Prof. J. Alex Halderman testified in front of the Senate Intelligence Committee as a part of the broader Russian hacking investigation. His remarks focused vulnerabilities in the US voting system and a policy agenda for securing the system against the threat of hacking.[Full Story]

In this commentary piece in the Chicago Tribune, Prof. J. Alex Halderman and Justin Talbot-Zorn make the case for a straightforward policy agenda to secure America's voting systems against the threat of hackers.[Full Story]

In the article, Prof. J. Alex Halderman points out how electronic voting systems even those not connected to the Internet can be compromised. One path for hackers is to attack the computers that are used to program the ballots, which are later transferred to voting machines via memory cards.[Full Story]

The College of Engineering reports on work by computer science security researchers which has revealed that so-called "open ports" are much more vulnerable to security breaches than previously thought.[Full Story]

This article reports on work by CSE researchers who have characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data by using open ports to create backdoors.[Full Story]

CSE researchers have characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data, and also to install malware and to perform malicious code execution which could be used in large-scale attacks. [Full Story]

CSE researchers have demonstrated a new way of using sound to interfere with devices containing accelerometers, such as smartphones and self-driving cars. This presents a new avenue for hackers to use in compromising devices to steal information or disrupt communication.[Full Story]

This article in the Indian edition of the Huffington Post, references the work that Prof. J. Alex Halderman and his collaborators did in 2010 to demonstrate vulnerabilities in India's "tamper-proof" electronic voting machines.[Full Story]

Computer science and engineering researchers at the University of Michigan have for the first time characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data, and also to install malware and to perform malicious code execution which could be used in large-scale attacks.[Full Story]

Researchers including Prof. Kevin Fu and CSE graduate student Timothy Trippel have demonstrated a new way of using sound to interfere with devices containing accelerometers, such as smartphones. This presents a new avenue for hackers to use in compromising devices to steal information or disrupt communication.[Full Story]

This article features work done by Prof. Kevin Fu and his collaborators in which they demonstrate a way to take control of or influence devices such as smartphones through the use of sound waves.[Full Story]

This article features work done by Prof. Kevin Fu and his collaborators in which they demonstrate a way to take control of or influence devices such as smartphones through the use of sound waves. The Department of Homeland Security is expected to issue a security advisory alert for affected chips.[Full Story]

Sound waves can be used to hack into critical sensors used in a broad array of technologies including smartphones, automobiles, medical devices, and the Internet of Things, according to research performed by Prof. Kevin Fu, Prof. Peter Honeyman, CSE graduate student Timothy Trippel, and their collaborators at the University of South Carolina.[Full Story]

This article in the Chronicle of Higher Education includes a Q and A with Prof. J. Alex Halderman on the 2016 presidential election recount and on the challenges ahead for election integrity.[Full Story]

This story provides an in-depth, inside view of how the recount effort for the 2016 presidential election - of which Prof. J. Alex Halderman was a primary participant - was sparked, how it came to focus on three states, what the results showed, and what we can learn from it all.[Full Story]

This article reviews the vulnerabilities that currently exist in our voting system. It references Prof. J. Alex Halderman, who has stated that he and his students could have changed the results of the November election.[Full Story]

Prof. Alex Halderman is quoted in this article which reports on the recent Chaos Communication Congress. "Developing an attack for one of these machines is not terribly difficult," says Prof. Halderman. "I and others have done it again and again in the laboratory. All you need to do is buy one government surplus on eBay to test it out."[Full Story]

Prof. Kevin Fu has been selected to give the annual Dwight E. Harken Lecture during the AAMI 2017 Conference & Expo in Austin, TX, June 912. Prof. Fu directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group at Michigan and is also CEO and chief scientist of Virta Labs, Inc. [Full Story]

Chaos Communications Congress is the world's oldest hacker conference, and Europe's largest. Every year, thousands of hackers gather in Hamburg to share stories, trade tips and discuss the political, social and cultural ramifications of technology. This story quotes Prof. J. Alex Halderman, who with his student Matt Bernhard, has studied the security of the past US presidential election.[Full Story]

A battle over whether or not a recount of ballots cast in Pennsylvania during the recent presidential campaign is taking place. In the case made for a recount, hackers could have easily infected Pennsylvanias voting machines with malware designed to lay dormant for weeks, pop up on Election Day and then erase itself without a trace, according to Prof. J. Alex Halderman.[Full Story]

This article in the New York Times reports on the uneven progress toward recounts in three key states for the recent presidential election. Led by Green Party candidate Jill Stein, the recounts were inspired by a call from leading security experts, including Prof. J. Alex Halderman.[Full Story]

CNN reports that a group of top computer scientists, including Prof. J. Alex Halderman, have urged Hillary Clinton's campaign to call for a recount of vote totals in Wisconsin, Michigan and Pennsylvania. The computer scientists believe they have found evidence that vote totals in the three states could have been manipulated or hacked and presented their findings to top Clinton aides on a call last Thursday.[Full Story]

The BBC reports on the call by leading computer scientists, including Prof. J. Alex Halderman, for a recount of votes in the presidential election in three swing states. Their analysis shows that Clinton performed worse in counties that relied on electronic voting machines compared to paper ballots and optical scanners.[Full Story]

In this post, Prof. J. Alex Halderman sets the record straight regarding what he and other leading election security experts have actually been saying to the Clinton campaign and everyone else whos willing to listen. He describes a situation where malware could be a factor in the vote totals during the presidential election.[Full Story]

Leading computer security experts with an interest in election integrity, including Prof. J. Alex Halerman, have called for a recount of the votes cast in the presidential election in three key swing states. They believe they have found evidence that results in Wisconsin, Michigan, and Pennsylvania may have been manipulated.[Full Story]

This article describes the security ramifications of unprotected IoT devices such as internet-connected cameras, video recorders on the larger Internet. It quotes Prof. Kevin Fu on the effort that would be required to secure this new ecosystem.[Full Story]

As the Internet of Things grows around us, so do the threat of cybersecurity breaches severe enough to shut down hospitals and other vital infrastructure. This is the message that Prof. Kevin Fu delivered to lawmakers at a congressional hearing this week.[Full Story]

In a hearing hosted by the House Energy and Commerce Committee, University of Michigan professor Kevin Fu, Level 3 Communications Chief Security Officer Dale Drew and computer security luminary Bruce Schneier briefed Congress on the challenges posed by insecure internet-connected devices and whether they believe the government can make a difference. This article provides a summary of the proceedings.[Full Story]

The U.S. government must demand that all internet-connected devices have built-in security, according to experts including Prof. Kevin Fu who warned Congress that the country could soon face a disastrous, lethal cyberattack.[Full Story]

Prof. Kevin Fu testified before the House Energy and Commerce Committee on the role of connected devices in recent cyber attacks on Wednesday, Nov 16, 2016. Follow the link to see a video of the proceedings.[Full Story]

As automobiles grow increasingly computerized, the security of the network for in-vehicle communication is a growing security concern. New research by Prof. Kang G. Shin and graduate student Kyong-Tak Cho demonstrates that the controller area network (CAN) protocol implemented by in-vehicle networks has a new and potentially quite dangerous vulnerability.[Full Story]

The Smart Home sounds like a great idea. But is it an unsafe home? "I would be cautious, overall," says Prof. Atul Prakash. "The technology is relatively new. Hardware is probably a little bit ahead of the software at this point, and a lot of vulnerabilities we are seeing are primarily on the software side of things." Read more and listen to the full interview here.[Full Story]

Forbes reports on numerous reports of broken machines causing epic queues and peeving voters. Matt Bernhard, CSE graduate student and an expert on the security of electoral systems, says that "This year isn't that different, other than I'm expecting higher turnout which may stress the infrastructure more." [Full Story]

"Unless the election is extraordinarily close, it is unlikely that an attack will result in the wrong candidate getting elected," suggest CSE graduate student Matt Bernhard and Prof. J. Alex Halderman. But they say the risk the election process could be disrupted by hackers should be taken extremely seriously.[Full Story]

This article sheds light on potential cyberattacks during the U.S election. Some cybersecurity analysts warned that hackers of even moderate talent could possibly throw the results of the 2016 presidential election into chaos. Prof. Halderman hopes all the attention on voting-system vulnerabilities will motivate state governments to invest in cybersecurity for the 2020 elections. [Full Story]

This article discusses the vulnerabilities of direct recording electronic voting systems. It quotes Prof. J. Alex Halderman and his colleagues on the security of DREs. Twenty-nine states still use DREs and five states: Delaware, Georgia, Louisiana, New Jersey and South Carolina, use the easily compromised machines without a paper trail.[Full Story]

This guest post on IEEE Spectrum by CSE graduate student Matthew Bernhard, Prof. J. Alex Halderman, and Robert Cunningham, Chair of the IEEE Cybersecurity Initiative, lays out the details for the case against Internet voting.[Full Story]

Is our voting system really vulnerable to hackers? Professor of computer science, J. Alex Halderman, explains the situation to VICE News in this segment that originally aired on October 24.[Full Story]